About vetting for Splunk Cloud

Cloud vetting is a process in which Splunk determines whether an app is ready for use on Splunk Cloud. Splunk Cloud customers can request vetting of a particular Splunk app. This topic provides a brief overview of the cloud-vetting process:

Why cloud vetting?

If a Splunk Cloud customer wants to run a Splunk app that is available on Splunkbase, the app must first be evaluated for suitability for Splunk Cloud. There are several crucial differences between Splunk Enterprise and Splunk Cloud, and cloud vetting is necessary to help ensure the security of the Splunk Cloud environment and the data stored in that environment. While the vast majority of Splunk apps available on Splunkbase are ready for Splunk Enterprise, they have not all been evaluated for use on Splunk Cloud (listed as compatible with Splunk Cloud on Splunkbase). Some apps are suitable for an on-premises Splunk Enterprise instance, but aren't appropriate when data needs to be transmitted and stored in a cloud environment.

How to request cloud vetting

Cloud vetting is primarily a customer-driven process. That is, Splunk Cloud customers can request that cloud vetting be performed on a Splunk app on Splunkbase. To do so, a Splunk Cloud customer opens a support ticket with Splunk Support.

One or more failures indicate that the Splunk app failed cloud vetting, and is therefore not approved for installation on Splunk Cloud. The Splunk app developer should fix the failures, and then try running the command again.

One or more manual checks indicate that the Splunk app will require manual checking as part of the cloud vetting process. This means that, if the Splunk app is submitted for cloud vetting, a Splunk employee will check the app manually. The cloud vetting process will most likely take longer. If you review the items that will be checked manually against the Splunk Cloud app requirements and best practices, they will be more likely to pass. Developers who clearly comment their work will be most likely to pass vetting, because they will have addressed possible concerns before submitting.

Apps that return zero failures or manual checks will most likely be quickly approved for installation on Splunk Cloud.

How cloud vetting works

Cloud vetting is comprised of an automated and an optional manual process. That is, Splunk first runs the AppInspect tool to perform automated vetting, and then, if necessary, a Splunk employee performs a manual vetting process to further evaluate the app.

The criteria that Splunk uses to vet a Splunk app for Splunk Cloud are listed on Splunk Cloud app requirements and best practices. Be aware that these criteria are always subject to change as new security threats are discovered and the Splunk platform is updated.

If the AppInspect tool returns no failures, and either doesn't require or passes any required manual checks, Splunk will most likely approve the Splunk app for Splunk Cloud. If the cloud vetting was requested by a Splunk Cloud customer, the app is installed on the customer's Splunk Cloud instance upon successful cloud vetting.

If a Splunk app has already been successfully vetted for Splunk Cloud, new versions of the Splunk app will most likely be more quickly vetted.

Questions?

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website.
Learn more (including how to update your settings) here »